The vulnerability of EMC Avamar backup system, EMC NetWorker backup and recovery system, and EMC Integrated Data Protection Appliance – related to deficiencies in authentication procedures – allows attackers to bypass these authentication processes.

The vulnerabilities of the EMC Avamar backup system, the EMC NetWorker backup and recovery system, and the EMC Integrated Data Protection Appliance are related to deficiencies in authentication procedures. Exploiting these vulnerabilities allows a malicious actor to bypass authentication procedur...

Design/Logic Flaw

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted...

CVE-2017-15550

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system...

CVE-2017-15549

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted...

CVE-2017-15548

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized...

CVE-2017-15548

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized...

Authentication flaw

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized...

Path traversal

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system...

CVE-2017-15549

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted...

CVE-2017-15549

CVE-2017-15549 describes an arbitrary file upload vulnerability. A remote authenticated malicious user with low privileges could upload arbitrary files to any location on the server filesystem in affected VMware vSphere Data Protection (VDP) deployments, including VDP 5.x, 6.0.x, and 6.1.x. Affec...

CVE-2017-15550

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system...

CVE-2017-15548

CVE-2017-15548 affects EMC/VDP solutions: vSphere Data Protection (VDP) on VMware appliances 5.x, 6.0.x, 6.1.x with an authentication bypass vulnerability that could allow a remote unauthenticated attacker to gain unauthorized root access. Related issues CVE-2017-15549 (arbitrary file upload) and...

CVE-2017-15548

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized...

CVE-2017-15549

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted...

CVE-2017-15550

CVE-2017-15550 is a path-traversal vulnerability in VMware vSphere Data Protection (VDP). A remote authenticated malicious user with low privileges could access arbitrary files on the server filesystem within the vulnerable VDP application. Affected product versions include VDP 5.x, 6.0.x, and 6....

EMC NetWorker < 8.2.4.9 / 9.x < 9.1.1.3 / 9.2.x < 9.2.0.4

The version of EMC NetWorker installed on the remote Windows host is prior to 8.2.4.9 or 9.x prior to 9.1.1.3 or 9.2.x prior to 9.2.0.4. It is, therefore, affected by a buffer overflow vulnerability. A remote, unauthenticated attacker may potentially exploit this vulnerability to execute arbitrar...

CVE-2017-8022

An issue was discovered in EMC NetWorker prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4. The Server service nsrd is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary co...

CVE-2017-8022

An issue was discovered in EMC NetWorker prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4. The Server service nsrd is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary co...

Buffer overflow

An issue was discovered in EMC NetWorker prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4. The Server service nsrd is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary co...

CVE-2017-8022

An issue was discovered in EMC NetWorker prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4. The Server service nsrd is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary co...